A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
A. Redirecting output from a file to a remote system
B. Building a scheduled task for execution
C. Mapping a share to a remote system
D. Executing a file on the remote system
E. Creating a new process on all domain systems
F. Setting up a reverse shell from a remote system
G. Adding an additional IP address on the compromised system
Can confirm D.
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.
The penetration tester is performing the following actions:
C. Mapping a share to a remote system
D. Executing a file on the remote system
The first command, "net use S: \192.168.5.51\C$\temp /persistent no", maps a share on a remote system (IP address 192.168.5.51) to the local system.
The second command, "copy c:\temp\hack.exe S:\temp\hack.exe", copies a file (hack.exe) to the mapped share.
The third command, "wmic.exe /node: "192.168.5.51" process call create "C:\temp\hack.exe"", creates a new process on the remote system (IP address 192.168.5.51) that runs the file hack.exe.
A. Redirecting output from a file to a remote system: This action is not performed in the given output
B. Building a scheduled task for execution: This action is not performed in the given output
E. Creating a new process on all domain systems: This action is not performed in the given output
F. Setting up a reverse shell from a remote system: This action is not performed in the given output
G. Adding an additional IP address on the compromised system: This action is not performed in the given output
The two actions being performed by the penetration tester are:
D. Executing a file on the remote system: The commands "copy c:\temp\hack.exe S:\temp\hack.exe" and "wmic.exe /node:"192.168.5.51" process call create "C:\temp\hack.exe"" are used to copy and execute the "hack.exe" file on the remote system.
C. Mapping a share to a remote system: The command "net use S: \192.168.5.51\C$ \temp /persistent:no" is used to map a share on the remote system to a drive letter on the local system.
Net Use is a command-line utility used to map or disconnect network drives. The syntax for running the command is net use [drive letter] [UNC Path], where the UNC Path is the location of the remote shared folder. It's typically used to access files stored on remote servers or computers.
The command 'net use S: \\192.168.5.51\c$\temp /persistent no' will map the folder 'C:\temp' to drive letter 'S', make the connection persistent, and not prompt the user to enter a password when connecting.
The command 'copy c:\temp\hack.exe S:\temp\hack.exe' will copy the file 'hack.exe' from the local folder 'C:\temp' to the remote folder 'S:\temp'.
The command 'wmic.exe /node: "192.168.5.51" process call create "c:\temp\hack.exe"' will create a process based on the file 'hack.exe' located in the folder 'C:\temp' on the remote computer with the IP address '192.168.5.51'.
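From the defender's side, the three commands discussed in the comments above leave a recognizable sequence in process-creation logs: an admin-share mapping, a copy onto the mapped drive, then a remote `wmic process call create` against the same host. The following detection sketch is an added example, not part of the original page or of any commenter's post; the event records, the host names WS01 to WS03 and the severity labels are constructed assumptions.

```python
import re

# Constructed process-creation records (source host, command line), in time order.
SAMPLE_EVENTS = [
    ("WS01", r"net use S: \\192.168.5.51\C$\temp /persistent:no"),
    ("WS01", r"copy c:\temp\hack.exe S:\temp\hack.exe"),
    ("WS01", r'wmic.exe /node:"192.168.5.51" process call create "C:\temp\hack.exe"'),
    ("WS02", r"net use H: \\fileserver\home"),   # ordinary share, not an admin share
    ("WS02", r"wmic.exe os get caption"),        # local query, no remote create
    ("WS03", r'wmic /node:"10.0.0.7" process call create "cmd.exe /c ipconfig"'),
]

# net use <drive> \\<target>\C$ or \\<target>\ADMIN$ (administrative shares)
ADMIN_SHARE = re.compile(
    r'\bnet(?:\.exe)?\s+use\s+(?P<drive>[a-z]:)\s+\\\\(?P<target>[^\\\s]+)\\(?:[a-z]|admin)\$',
    re.I)
# copy <source> <drive>:\...
COPY_TO_DRIVE = re.compile(r'\bcopy\s+\S+\s+(?P<drive>[a-z]:)\\', re.I)
# wmic /node:<target> process call create <image>
WMIC_CREATE = re.compile(
    r'\bwmic(?:\.exe)?\s+/node:\s*"?(?P<target>[^"\s]+)"?\s+process\s+call\s+create\s+"?(?P<image>[^"]+)"?',
    re.I)

def detect(events):
    """Flag remote WMIC process creation; rate it high when the same source
    host first mapped an admin share on the target and copied a file to it."""
    mapped = {}     # (source host, drive letter) -> target of an admin-share mapping
    staged = set()  # (source host, target) pairs that received a file over that mapping
    findings = []
    for host, cmd in events:
        if m := ADMIN_SHARE.search(cmd):
            mapped[(host, m["drive"].upper())] = m["target"].lower()
        elif m := COPY_TO_DRIVE.search(cmd):
            target = mapped.get((host, m["drive"].upper()))
            if target:
                staged.add((host, target))
        elif m := WMIC_CREATE.search(cmd):
            target = m["target"].lower()
            findings.append({
                "source": host, "target": target, "image": m["image"],
                "severity": "high" if (host, target) in staged else "medium",
            })
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Remote `wmic process call create` on its own is rated medium here because administrators also use it; the correlation with a preceding admin-share copy is what raises the rating.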